elimina SQL Injection vulnerability in Alguest

Summary

Vulnerability
elimina SQL Injection vulnerability in Alguest
Discovered
2011.01.04
Last Update
n/a n/a
ID
EV0173
CVE
n/a
Risk Level
medium
Type
SQL Injection
Status
Unpatched. Vendor notified. No reply from developer(s).
Vendor
n/a
Vulnerable Software
Alguest (http://sourceforge.net/projects/alguest/)
Version
1.1c-patched
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in Alguest (http://sourceforge.net/projects/alguest/) script.

SQL Injection
It is possible to inject arbitrary SQL query using elimina parameter in elimina.php script.

Parameter elimina is used in SQL query without any sanitation.

PoC/Exploit

SQL Injection Example

Vulnerable code: $query = "DELETE FROM guest WHERE id=$elimina";

SQL Injection PoC:
POST /alguest/elimina.php HTTP/1.0
Host: website
Cookie: admin=1
Content-Length: N

send=elimina&elimina=[SQL Injection]

Solution.

Solution for "elimina SQL Injection vulnerability in Alguest" is not available. Check vendor's website for updates.

Order PHP Code Test made by eVuln

Defend against attacks by source code analysis of your site done by Aliaksandr Hartsuyeu.The order will be done by experts in web security.

Advisories by vuln type

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>